[Openswan Users] Problem between openswan and netscreen

Gilles Bachmann g.bachmann at orsid.com
Wed Nov 19 03:03:19 EST 2008


Hello

Openswan is already running on the server because some clients may have
already established a VPN with it. The problem is when another client
using a NetScreen VPN establishes a connection. For compatibility with
another tunnel, the NetScreen VPN is configured with the option set
Ike-IDMOD=ip (default subnet). I turn of Phase 1, but the tunnel blocks
in Phase II.

My kernel is: 2.6.18-92
Openswan version: openswan-2.6.14-1

Here are the logs:

002 "test" #2332: initiating Main Mode
104 "test" #2332: STATE_MAIN_I1: initiate
003 "test" #2332: ignoring unknown Vendor ID payload [248982ac5f111a4ea52807e91f893e1eb00800310000000d00000403]
003 "test" #2332: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
002 "test" #2332: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "test" #2332: STATE_MAIN_I2: sent MI2, expecting MR2
002 "test" #2332: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "test" #2332: STATE_MAIN_I3: sent MI3, expecting MR3
002 "test" #2332: Main mode peer ID is ID_IPV4_ADDR: '212.155.108.249'
002 "test" #2332: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "test" #2332: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
002 "test" #2332: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
002 "test" #2332: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
002 "test" #2332: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
002 "test" #2332: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
002 "test" #2333: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW {using isakmp#2332 msgid:4e6b2ebb proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=no-pfs}
117 "test" #2333: STATE_QUICK_I1: initiate
003 "test" #2333: IDci, IDcr payloads missing in message but default does not match proposal
218 "test" #2333: STATE_QUICK_I1: INVALID_ID_INFORMATION
002 "test" #2333: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.xxx:500

Please help me.

Regards,

Gilles







